Historically, sensitive transactions, e.g. transactions conducted with government agencies or private financial institutions, have been conducted in person to, in part, verify the person with whom the transaction was being conducted. For example, a picture identification from a trusted source (such as a driver's license) could be compared with the person opening a new account with a private financial institution, such as a local branch of a bank. Recently, however, the trend is to conduct business at arms-length, i.e., to migrate transactions between parties towards becoming more impersonal and to accommodate remote interactions. For example, local and national banks, as well as government agencies, are enabling persons to perform a number of sensitive transactions over computer networks, such as public computer networks (e.g., the “Internet”). Since these communications often occur over public computer networks, the communications are typically encrypted, and hence provide some measure of security. Although the communication channels are secure, however, identification of the parties is difficult to verify during these arms-length transactions, and hence run the risk of fraud or other abuses of trust. Moreover, a counter-trend to conducting transactions over the Internet via a webpage or similar technologies, i.e. impersonal transactions, attempts to make the interactions more personal by allowing the transactions to occur within a virtual world (also known as the “3D Internet”).
A virtual world is a computer-based simulated environment where avatars (i.e., a virtual representation of a user) inhabit and interact with other avatars. In a virtual world (e.g., Active Worlds™), a human projects himself/herself into the virtual world in the form of an actor (e.g., a motional avatar) that can interact within the virtual world. Examples of virtual worlds include, but are not limited to, Second Life®, There, Eve Online and others such as Metaverse (e.g., a virtual world where humans interact with each other and software applications in three dimensional space that uses a metaphor of a real world) and MMORPGs (Massively Multiplayer Online Role-Playing Games) environments.
These virtual world environments often include imaginary characters participating in fictional events, activities and transactions. There are educational and entertainment benefits in creating new and challenging ways to relate virtual world environments with real-world experiences.
Currently, however, virtual world communities are expanding beyond education and entertainment. For example, some virtual world communities, typified by Second Life, are attracting attention and increasing in popularity—in part, by allowing various transactions to occur with real-world implications within the virtual world. In virtual world communities, however, the owner of an avatar is not easily discernable and hence, verifiable. For example, in the virtual world, a “real owner” (i.e. a human) can be represented by more than one “virtual characters” (i.e. avatars) with x, y, z coordinates that are mapped within the three-dimensional space deemed to be the virtual world.
Moreover, virtual worlds have a number of characteristics that facilitate monitoring and rating activities within the virtual world. One such characteristic is that there are always some users (perhaps residing in different time zones) participating, and hence logged onto, the virtual world. Consequently, there is a persistent presence of users and users can interact relatively easily with other users at any time. In the existing communities of users, tags or rating values may be assigned to the users (or more specifically, to the users' avatars), based on a user's interaction with others. In addition, it is easy for users to move (or “teleport”) between communities, simply by modifying the three-dimensional coordinates of an avatar. However, a group of users who do malicious actions can intentionally increase their rating values. Accordingly, such ratings cannot be trusted as a criterion of indicating correct evaluations or a person's credentials.
In addition, many users belong to a plurality of groups. In many of the existing implemented communities, admittance into a building or an island is controlled on a group-by-group basis (e.g., membership to a discount club that has a presence in the virtual world). Accordingly, users who do malicious actions often belong to a certain group (there is also a possibility that malicious actors frequently change the name of their group as a countermeasure, for example). An administrator of a community can easily find out what group a user belongs to, but cannot easily verify whether the user of the avatar is the same user who is registered with a group. Hence, regulating admittance into a building or an island based on group affiliation is difficult to administrate effectively.
Another situation unique to virtual worlds that raises a security concern is ascertaining whether a human is controlling the avatar. To wit, “Internet bots”, also known as web robots, WWW robots, or simply bots, are software applications that run automated tasks over the Internet (see, e.g., “http://en.wikipedia.org/wiki/Internet_bot”); consequently, bots are able to control an avatar instead of a human controlling the avatar. Typically, bots perform tasks that are both simple and structurally repetitive, and while performance of these tasks is relatively harmless, bots are not limited these types of actions.
For example, programs and algorithms can be used to create bots that mimic actions of avatars within virtual environments. Thus, bots could be a particular issue within Virtual Store Environments, creating a three-dimensional version of email spamming and junk mail. For example, as more retailers enter the realm of Second Life, bots could be used as a viral marketing technique as avatars are created for no reason other than to promote products, hassle customers, etc. In addition, bots could impersonate a user (i.e. a form of identity theft) and conduct a transaction, thereby committing the true owner of the avatar to a transaction not otherwise intended.
Consequently, determining “who” is conducting a transaction online is difficult; e.g., determining whether a human is controlling the avatar and whether the human controlling the avatar is the correct owner (i.e., trusted) and accurately described him or herself. Due to this inherent difficulty online, malicious users can easily steal another user's identity, or within a virtual world, change the status of an avatar (perhaps used by another user) within the virtual world. This type of malicious use, which is a consequence of the inherent difficulty associated with verifying the identity of a person, can become troublesome during business transactions, can lead to defamation and may raise privacy concerns.
Therefore, it would be highly desirable to provide an apparatus and method for human identification for use in a virtual world environment as well as other online environments, that identifies a human user in real-time, and prevents the user from using previously used credentials as a way of gaining unauthorized access or performing unauthorized transactions.